    Snort 2.9.6.2 v3.1.5 – Bug fix update release notes

    pfSense Packages

      bmeeks

      Snort 2.9.6.2 pkg v3.1.5 – Release Notes

      This is a bug fix update only that addresses the auto-start failure on nanoBSD installations.  The Snort binary version remains at 2.9.6.2.

      Install Notes:  It is sufficient for this update to perform a GUI Components Only install by clicking the XML icon beside the package on the Installed Packages tab.

      Bug Fixes

      1.  Snort fails to automatically start following a firewall reboot on nanoBSD installs of pfSense.

      Bill

        drewy

        Bill,

        I'm running 3.1.4 on 2.2, full install on USB thumb drive but with /var and /tmp on ramdisk. I'm seeing the same or similar issues with pfSense restarts, i.e. Snort fails to start. Hopefully this will work for me too.

        I'll give it a whirl and report back.

        Paul

          val

          Hi Bill

          Last time, being stuck on the "Waiting for Snort to started" message was an easy fix with a reinstall.
          But this time a reinstall wouldn't work, and neither did removing the package and selecting it again from the Package list.

          You mentioned in a few posts that the configuration file might be corrupted.
          Is there any way to remove the configuration file without access to the Snort GUI? Because I have no Snort showing in my service list or pfSense menu, and I have also ticked the option not to remove the Snort configuration file while uninstalling; this way I can start it fresh.

          Also, is there a way to read the partial config file? Say, like the Suppress List.

          P.S. From the memory usage it looks like Snort is still running, and blocks are showing up in Snort Alert.

          Thank you for your help.

          Val

          Intel Xeon E3-1225 V2 @ 3.20Ghz
          Intel S1200KPR server board mini-ITX
          A-data ECC 4GB x 2 1600MHz
          Intel Ethernet Server Adapter I350-T2
          Samsung 840 Pro 120GB
          Lian-Li PC-Q15B

            bmeeks

            What kind of install do you have for pfSense: a full install with conventional hard disk, or a nanoBSD install?

            What version of pfSense are you running?

            Bill

              val

              Full install on SSD, 2.1.5 RELEASE

              There is no error of any kind in the system log either.

              Val

                bmeeks

                Do you have any other packages installed on this box besides Snort?  I have tested and tested in my VMs and cannot reproduce this problem with Snort seeming to install and run but not show up in the menus.  However, I think about three folks have posted with this issue; so I would like to get to the bottom of it if I can.

                The problem is going to be within the <installedpackages> tag in your config.xml file.  The entries for the Snort menu parameters are likely missing.  I don't know how that could have happened, though.

                Here is what that section should look like –

                <installedpackages>
                    <menu>
                        <name>Snort</name>
                        <tooltiptext>Set up snort specific settings</tooltiptext>
                        <section>Services</section>
                        <url>/snort/snort_interfaces.php</url>
                    </menu>
                    <service>
                        <name>snort</name>
                        <rcfile>snort.sh</rcfile>
                        <executable>snort</executable>
                    </service>
                </installedpackages>

                The sections I listed above are likely missing.

                Bill
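
A read-only check for the entries listed in the post above, added here as an example (it is not part of the thread and not the Snort package's own code): it parses a copy of config.xml and reports whether the Snort <menu> and <service> entries under <installedpackages> are present and hold the expected values. The sample config, the `examplepkg` entry and the function name `check_snort_entries` are constructed for illustration; it assumes Python on a workstation holding a backup of the file.

```python
import xml.etree.ElementTree as ET

# Entries the post above says should exist under <installedpackages>.
EXPECTED = {
    "menu": {"name": "Snort", "section": "Services",
             "url": "/snort/snort_interfaces.php"},
    "service": {"name": "snort", "rcfile": "snort.sh", "executable": "snort"},
}

# Constructed sample (not from a real firewall): Snort <service> present, <menu> missing.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <installedpackages>
    <menu>
      <name>examplepkg</name>
      <section>Services</section>
    </menu>
    <service>
      <name>snort</name>
      <rcfile>snort.sh</rcfile>
      <executable>snort</executable>
    </service>
  </installedpackages>
</pfsense>
"""

def check_snort_entries(config_xml):
    """Return a list of problems; an empty list means both entries look right."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:  # truncated or corrupted file
        return ["config is not well-formed XML: %s" % exc]
    pkgs = root if root.tag == "installedpackages" else root.find("installedpackages")
    if pkgs is None:
        return ["no <installedpackages> section found"]
    problems = []
    for tag, fields in EXPECTED.items():
        entry = next((e for e in pkgs.findall(tag)
                      if (e.findtext("name") or "").strip() == fields["name"]), None)
        if entry is None:
            problems.append("missing <%s> entry named %r" % (tag, fields["name"]))
            continue
        for key, want in fields.items():
            got = (entry.findtext(key) or "").strip()
            if got != want:
                problems.append("<%s><%s> is %r, expected %r" % (tag, key, got, want))
    return problems

if __name__ == "__main__":
    print(check_snort_entries(SAMPLE_CONFIG))
```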

                  val

                  Hi Bill, apart from the Snort package, I am using the following:
                  bandwidthd
                  nut
                  Service Watchdog - with Snort added.

                  And also just an update on the issue that I had: after a few reinstall tries it got past the "Waiting for Snort to started" bit and now Snort is back on my menu.
                  Not really sure how, but it did.

                  Thank you

                  Val

                    Supermule

                    Since I got home from Greenland, Snort has been acting quite strangely in my home setup. Servers run fine on 2.1.4 but home setup is 2.1.5 X64.

                    Thing is, I get a portscan from my WAN IP all the time going only to DNS related traffic.

                    Then WAN IP is blocked and surf's up! :(

                    [Attached screenshot: portscan_WAN_IP.PNG]

                      fsansfil

                      Your interface is blue… that's weird! ;)

                        bmeeks

                        @Supermule:

                        Since I got home from Greenland, Snort has been acting quite strangely in my home setup. Servers run fine on 2.1.4 but home setup is 2.1.5 X64.

                        Thing is, I get a portscan from my WAN IP all the time going only to DNS related traffic.

                        Then WAN IP is blocked and surf's up! :(

                        Responded to your other message via e-mail.  The problem is a typo bug that happened when 3.1.4 was released.  A version string in a file did not get updated from 3.1.3 to 3.1.4.  That caused the package sync function for Snort to not be called by pfSense when certain firewall events occurred.  Two of those events were reboots and WAN IP address changes.  The sync function is called to alert a package that some event has occurred that might require the package to make some updates.  With Snort, one important thing that needs to happen during a reboot or a WAN IP address change is that the PASS LIST needs to be regenerated so it will contain the new WAN IP.  Also, on nanoBSD boxes, some directories on RAM disks need to be recreated (on a reboot).

                        So the bug that was introduced in Snort 2.9.6.2 pkg v3.1.4 caused Snort to not restart on nanoBSD installs following a reboot, and it also caused the PASS LIST to not get updated with a changed WAN IP address.  These problems were corrected in the v3.1.5 package posted recently.

                        Sorry about the bug,
                        Bill

                          Supermule

                          No worries dude!

                          Running smooth on all the boxes at the hosting site and privately!
